Pages: Previous123456
Current Page: 6 of 6
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: notaplayer83 (---.84.205-100.dyn.dsl.cantv.net)
Date: July 21, 2010 04:30PM

Oh Thanks smiling smiley

But I installed openSSL followed the directions at the beginning of the forum (again) and it worked grinning smiley

Now I have another question (don't know if this would be the right place to post it). I only need HTTPS for some pages, so is it there a way to do it? force https only in some pages? I've googled it and found thins like this one:

<Location /buyCrap.php>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) []%{HTTP_HOST}%{REQUEST_URI}
</Location>

but I really don't know where to place those lines: httpd.conf? or httpd-ssl.conf? or even an .htaccess file in my directory? I've read it's better to place it in httpd.conf, but is it still the same for WAMP?

Thanks again smiling smiley

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: yfastud (Moderator)
Date: July 21, 2010 06:54PM

you have to setup and put it in VH that contains buyCrap.php so when this buyCrap.php is called, it loads https winking smiley

Have fun,

FREE One A Day
FREE Photo
FREE Games
FREE Websites
FREE Portable GPS
FREE WAMP Guides



Edited 1 time(s). Last edit at 07/21/2010 07:01PM by yfastud.

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: yog (---.9-3.cable.virginmedia.com)
Date: January 18, 2012 11:01AM

hii,, i got a same problem like you,, actually i did all the step but at the end,, when i am restarting my wamp server, its apache service is stop working..

so please help me,, i want to short it out asap..

thanks in advance..

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: yog (---.9-3.cable.virginmedia.com)
Date: January 18, 2012 11:19AM

hii

> first of all, thanks to step by step process

>i did all the step completely and i also get ok at the end of step 5

> problem: after doing all the step, when i am restarting my wamp server, it shows one of wamp services (apache) is not running.

> so anyone can help me, to short this problem out asap,, please

>thank you in advance..

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: trizzze (203.121.84.---)
Date: May 23, 2012 09:35AM

hi guys... i'm really screwed with all the suggested solution before... how ever my wamp came back to me when i use this method:
Remove the encryption from the RSA private key (while preserving the original file)
Remark out - SSLPassPhraseDialog in the appropriate apache conf file with a # in front of the directive

1. Make a copy of the private key and call it "server.key.org"
2. Use the OpenSSL command to remove the passphrase such as;

openssl rsa -in server.key.org -out server.key
server.key will be your new private key with the passphrase removed.

3. Move this new key to the same path as where your original was kept. Verify that the directive called "SSLCertificateKeyFile" in your apache config file points to the new private key.
4. Find the directive "SSLPassPhraseDialog" and put a # in front to comment out the line.

You will now be able to startup Apache with SSL on Windows.


Thaks for [www.entrust.net]

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: jaisingh1006 (---.117.165.106.static-delhi.vsnl.net.in)
Date: October 30, 2013 07:18PM

Hello Hambuler,

thank you for the tutorial. Everything worked fine but 2 issues:

1. I couldn't find the setting SSLMutex ... but when I did it manually I got syntax error and when I removed that it worked fine. I am using WAMP 2.4 any clues..?

2. After I restarted apache and tried to load my website with https then I couldn't load the resources as they returned 501 error.

Any help would be greatly appreciated.

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: krome (117.197.255.---)
Date: May 17, 2014 06:53PM

i am getting an error in step 5

"httpd: Syntax error on line 539 of D:/wamp/bin/apache/apache2.4.9/conf/httpd.con
f: </IfModule> without matching <IfModule> section"

i checked httpd.conf in notepad++.. all ifmodules seem to be closed properly

please help.. i am a newbie sad smiley

EDIT: line 539 has a closed ifmodule
EDIT: as the above post even i couldnt find sslmutex.. i added it manually



Edited 2 time(s). Last edit at 05/17/2014 07:00PM by krome.

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: albertfiati (41.191.244.---)
Date: July 18, 2014 06:22PM

Got mine to work.. tot sharing would be helpful ... follow the tutorial keenly to understand and get the expected result. this is for reference..

#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:[httpd.apache.org];
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#

#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512


#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 443

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:c:/apache2/logs/ssl_scache"
SSLSessionCache "shmcb:c:/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "c:/wamp/www"
ServerName www.example.com:443
ServerAdmin admin@example.com
#ErrorLog "c:/apache2/logs/error.log"
ErrorLog logs/sslerror_log
#TransferLog "c:/apache2/logs/access.log"
TransferLog /sslaccess_log

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Protocol support:
# List the protocol versions which clients are allowed to
# connect with. Disable SSLv2 by default (cf. RFC 6176).
SSLProtocol all -SSLv2

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
#SSLCertificateFile "c:/apache2/conf/server.crt"
SSLCertificateFile "conf/ssl.crt/server.crt"
#SSLCertificateFile "c:/apache2/conf/server-dsa.crt"

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile "c:/apache2/conf/server.key"
SSLCertificateKeyFile "conf/ssl.key/server.key"
#SSLCertificateKeyFile "c:/apache2/conf/server-dsa.key"

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile "c:/apache2/conf/server-ca.crt"

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "c:/apache2/conf/ssl.crt"
#SSLCACertificateFile "c:/apache2/conf/ssl.crt/ca-bundle.crt"

# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath "c:/apache2/conf/ssl.crl"
#SSLCARevocationFile "c:/apache2/conf/ssl.crl/ca-bundle.crl"

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
#<Directory "c:/apache2/cgi-bin">
# SSLOptions +StdEnvVars
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
#CustomLog "logs/ssl_request.log" \
CustomLog "logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: TonyCraft Anthony (78.195.39.---)
Date: June 13, 2015 06:09PM

Hello,
I have followed all steps but I can't connect on my server with HTTPS. Can you help me?
Details:
Wamp version: 2.5
Website: Wordpress

If you need more information, do not hesitate to ask it.
Thanks,
TonyCraft Anthony
PS: I'm french...

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: RiggsFolly (---.as43234.net)
Date: June 13, 2015 06:30PM

This is the process I follow, sorry its in English.

There is a French forum if you prefer, HERE

How to Configure WAMPServer to use HTTPS SSL


This is not a trivial process. This tutorial will, hopefully, get SSL working for you.
However getting it configured to match your secific requirements once it is working is TOTALLY DOWN TO YOU.

Additional reading for all who travel this road
Remember this is Apache and PHP we are configuring here and not WAMPServer, so it is all documented on the Apache and PHP sites if you get any issues or have any specific requirements.

Ok,

I have based this tutorial on the creation of a site called www.wamphelpers.dev So whereever you see that name change it to the site name you are trying to secure.

I started by creating a unsecured site, in \wamp\www\wamphelpers

added a Virtual Host for that site, in httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "c:/wamp/www"
    ServerName localhost
    ServerAlias localhost
    <Directory  "c:/wamp/www">
        AllowOverride All
        Require local
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "c:/wamp/www/wamphelpers"
    ServerName wamphelpers.dev
    ServerAlias www.wamphelpers.dev
    <Directory  "c:/wamp/www/wamphelpers">
        AllowOverride All
        Require local
    </Directory>
</VirtualHost>

Added its name to the C:\windows\system32\drivers\etc\hosts

127.0.0.1 wamphelpers.dev www.wamphelpers.dev
::1       wamphelpers.dev www.wamphelpers.dev


Now restart the dnscache as follows from a command windows launched using 'Run as Administrator'

net stop dnscache
net start dnscache


Then created a simple script in \wamp\www\wamphelpers\index.php

<?php
    echo 'Hello, this is the WAMPHELPERS.DEV site homepage';
?>

Now restart Apache and make sure that your simple unsecured site is working before continuing


---------- The openssl toolkit. ----------

The openssl.exe, ssleay32.dll and libeay32.dll come with, and are located in, the C:\wamp\bin\apache\apachex.y.z\bin folder
This should be all you need to create your self signed certificate !!




---------- Generate keys and Certificates. ----------

STEP 1: Generate an RSA Private Key

First we need to create ourselves a certificate.
The normal (paid for) process is to create your certificate and then pass it to a signing authority.
This is why it costs money, as they have to do, due dilligence, to check that you are who you say you are and that site that you will use the certificate on is real and legitimate.

The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request) to be used for our Certificate.
The first step is to create your RSA Private Key.
This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.


Open up a Command window (Dos box) using Run as Administrator
Change Directory to where you installed the OpenSSL Toolkit above.
In my case this is

set openssl_conf=c:\wamp\bin\apache\{apache_version}\conf\openssl.cnf
CD c:\wamp\bin\apache\{apache_version}\bin

Make a folder for the output to be put in ( to keep the bin folder tidy ) I used website
md website

Now enter this command:
openssl genrsa -out website\server.key 2048

This should have created a file in the 'website' folder called privkey.pem, without a pass phrase key, check it exists.


Step 2: Generate a CSR (Certificate Signing Request)

During the generation of the CSR, you will be prompted for several pieces of information.
These are the X.509 attributes of the certificate.
One of the prompts will be for "Common Name (e.g. server FQDN or YOUR name) []:".
It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL.
So if the website to be protected will be `[www.wamphelpers.dev]`, then enter `www.wampheplers.dev` at this prompt.

Do not enter anything to the question: A challenge password []:] - Just press Enter.
If you do enter a passphrase here when you come to start Apache with SSL configured Apache will not start and will give this error message :-

*[error] Init: SSLPassPhraseDialog builtin is not supported on Win32*

Basically if you do enter a passphrase Apache is supposed to challenge you for that passphrase each time it starts.
This is obviously not going to make your life any easier but primarily on windows it does not actually work and will
cause Apache to crash when it attempts to ask for the passphrase, with the above error.

The command to generate the CSR is as follows:
openssl req -new -key website\server.key -out website\server.csr


Example question and answers:
    Country Name (2 letter code) [AU]:GB
    State or Province Name (full name) [Some-State]: Hampshire
    Locality Name (eg, city) []: Portsmouth
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: Wamp Helpers Ltd
    Organizational Unit Name (eg, section) []: Information Technology
    Common Name (e.g. server FQDN or YOUR name) []: www.wamphelpers.dev
    Email Address []: me@wamphelpers.dev

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: ( leave blank just hit the enter key )
    An optional company name []: ( leave blank just hit the enter key )

Step 3: Generating a Self-Signed Certificate

At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test
your new SSL implementation while the CA is signing your certificate.

openssl x509 -req -days 365 -in website\server.csr -signkey website\server.key -out website\server.crt

PRE - WARNING
Because we are not getting this certificate signed by a Certificate Authority, this certificate will generate an error in the client browser to the effect that
the signing certificate authority is unknown and not trusted.
This is unavoidable as we are signing the certificate ourselves, but of course the web of trust does not know who we are.
See example later in this document showing how to tell your browser that you actually trust this certificate


Example output:
Loading 'screen' into random state - done
Signature ok
subject=/C=GB/ST=Hampshire/L=Portsmouth/O=WampHelpers Ltd/OU=Information Technology/CN=www.wamphelpers.dev/emailAddress=riggsfolly@wamphelpers.dev
Getting Private key

Step 4: Installing the Private Key and Certificate

Create these 2 directories under the version of Apache you are using.

md c:\wamp\bin\apache\apachex.y.z\conf\ssl.key
md c:\wamp\bin\apache\apachex.y.z\conf\ssl.crt

And copy the file we have just generated into them like so:
copy website\server.crt c:\wamp\bin\apache\apachex.y.z\conf\ssl.crt
copy website\server.key c:\wamp\bin\apache\apachex.y.z\conf\ssl.key


Step 5: Configure Apache to activate SSL

Edit httpd.conf, Check that this line is uncommented
LoadModule ssl_module modules/mod_ssl.so

Remove the comment '#' from this line also
Include conf/extra/httpd-ssl.conf

Then move that line after this block <IfModule ssl_module>.... </IfModule> like so

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf


Step 6: Configure PHP to activate SSL

Edit your php.ini ( use the wampmanager menus so you edit the correct one )

Remove the comment ';' from this line
extension=php_openssl.dll


Step 7: Configure your secure sites Virtual Host

Yup for all you Virtual Host nay sayers, now you cannot avoid the process.

Edit "\wamp\bin\apache\apachex.y.z\conf\httpd-ssl.conf"

This file is released by Apache and contains some default file location.
We can leave most of this file as it is, but we need to configure the virtual host in here to match our actual sites location and a few other things so:

find these lines
DocumentRoot "c:/Apache2/htdocs"
ServerName www.example.com:443
ServerAdmin admin@example.com
ErrorLog "c:/Apache2/logs/error.log"
TransferLog "c:/Apache2/logs/access.log"

and change them to
    DocumentRoot "c:/wamp/www/wamphelpers"
    ServerName wamphelpers.dev:443
    ErrorLog "c:/wamp/logs/ssl_error.log"
    TransferLog "c:/wamp/logs/ssl_access.log"

Find
SSLCertificateFile "c:/Apache2/conf/server.crt"

and change to
SSLCertificateFile "c:/wamp/bin/apache/apachex.y.x/conf/ssl.crt/server.crt"

Find
SSLCertificateKeyFile "c:/Apache2/conf/server.key"

and change to
SSLCertificateKeyFile "c:/wamp/bin/apache/apache2.2.26/conf/ssl.key/server.key"

Find
<Directory "c:/Apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

and change to
<Directory "c:/wamp/www/wamphelpers">
    SSLOptions +StdEnvVars
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 localhost ::1
</Directory>


Find
SSLSessionCache        "shmcb:c:/Apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

and change it to
SSLSessionCache        "shmcb:c:/wamp/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
Find
<Directory "c:/Apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

and change to
CustomLog "c:/wamp/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


Basically look through the conf file and any command that is not commented out, but has a reference to a file or folder
should be changed to reference the WAMPServer folder structure and not 'C:/Apache2....'

Now make sure all these files we have changed are saved, and restart Apache using the wampmanager menus.


First test that the unprotected site is still working.

Then try using your new protected site by adding the 'https://' to the front of the domain name
i.e. `[www.wamphelpers.dev]` without the single quotes of course.



If Apache does not restart you have probably spelt something wrong. Test the configs like so :-

Open a command window
cd \wamp\bin\apache\apachex.y.z\bin
httpd -t

This will parse all the config files and should give you a file name and a line number where an error has been found.

Fix it and try again.



First access to your site will generate a message page something like this.
This is using FireFox, others will be slightly different, but the concept it the same.




This is because your certificate is not signed by a trusted authority, DONT PANIC, this is supposed to happen.

Click on, 'I Understand the risk' and that will show you a button saying 'Add Exception'
Press the Add Exception button, after checking that the certificates site details are in fact yours,
and you will not see this message again unless you clear the exception list.





BIG NOTE
As of Apache v2.2.12 and OpenSSL v0.9.8j it is now possible to secure more than one site per Apache instance.
This tutorial does not cover that process.
See here for more details:

Here

And here

And here

And like I said at the top, now you need to do some reseach on all the options available in the SSL config and make thing work as you want rather than using the default.

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.2.8 32bit & 64bit) Aestan Tray Menu 3.2.4.7
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>

Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-



Edited 3 time(s). Last edit at 03/26/2017 12:56PM by RiggsFolly.

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: nitin.pant (112.196.13.---)
Date: September 16, 2015 03:03PM

Hi,
I am follow all step the step and but not in the 1024 bit i will used 2048 bit. i am also buy ssl certificate to the godaddy and they will give two cert files one of which is bundle.crt. i linked these files but when i am restart my wamp server they will be stuck on a orange status. and the apache will not running. please guys help me asap

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: khaleeq (114.143.191.---)
Date: March 31, 2016 12:19PM

Hi Thanks for your tutorial,

I have the certificate from the trusted CA (GODADDY), what could be the procedure we have to follow. You said we need to change the steps at 1d in this tutorial.

Please let me know what else do we have to follow the process.

Thank you in advance.

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: RiggsFolly (Moderator)
Date: March 31, 2016 12:47PM

Hi Khaleeq

Can you start a new Thread with your question. Also add the answer to these question so we know what version of WAMPServer you are using [forum.wampserver.com]

We do not provide support for installing certificates, but if we can help we will try.

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.2.8 32bit & 64bit) Aestan Tray Menu 3.2.4.7
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>

Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: khaleeq (114.143.191.---)
Date: April 04, 2016 09:27AM

If I keep the # symbol before Listen 443 in httpd_ssl.conf file. . .then my server is not starting . . .

In log files I found like "removed PID file C:/wamp/bin/apache/Apache2.2.11/logs/httpd.pid (pid=23624)"

Please let me know what should I check for this.

Options: ReplyQuote
Re: Wamp2 HTTPS and SSL Setup Step-by-Step guide
Posted by: RiggsFolly (Moderator)
Date: April 04, 2016 09:51AM

Khaleeq

You have to remove the # so the line

Listen 443

becomes active.

Out of interest, why did you think that you should leave the # (comment symbol) in front of this line?

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.2.8 32bit & 64bit) Aestan Tray Menu 3.2.4.7
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>

Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Options: ReplyQuote
Pages: Previous123456
Current Page: 6 of 6


Sorry, only registered users may post in this forum.